audit committee strategic audit plan...

Audit Committee, 5 June 2013 1

AUDIT COMMITTEE Date: 5 June 2013 _________________________________________________________________

Strategic Audit Plan 2013/14 Report of the Corporate Director of Finance _________________________________________________________________ Purpose of Report The purpose of this report is to advise the Audit Committee of the Strategic Audit Plan for 2013/14. This document outlines the planned work of Internal Audit during this period and is attached as Appendix 1. Recommendations It is recommended that the Audit Committee approves the Strategic Audit Plan 2013/14, attached as Appendix 1, and the proposed Internal Audit coverage set out therein. Key Issues 1 The Strategic Audit Plan for 2013/14 has been prepared in accordance with

the methodology endorsed by the Audit Committee at its meeting on 27 March 2013, and is attached to this Report as Appendix 1. The Plan sets out Internal Audit’s objectives for the remainder of 2013/14.

2 The Strategic Audit Plan helps to ensure that Internal Audit is able to meet its

objectives as an independent assurance function for the Council and to provide an independent and objective opinion to the organisation on the adequacy and effectiveness of the framework of governance, risk management, and control. Internal Audit must be independent in its planning and operation. Accordingly, in producing the Strategic Audit Plan, the Chief Internal Auditor is required to determine the priorities of Internal Audit, following consultation with stakeholders and assessment of risk, and to present this Plan to senior management and the ‘Board’ for review and approval.

3 A key feature of preparation of the 2013/14 Plan has been engagement with

services throughout the Council. Internal Audit has met with the Audit Committee, Chief Executive, all Corporate Directors, Heads of Service, and the External Auditor to develop a risk based audit needs assessment for the organisation. This has been used to prepare a Strategic Audit Plan which targets main areas of risk and aims to add greatest value to the organisation. The Strategic Audit Plan has been prepared in accordance with the Public

C


Sector Internal Audit Standards (effective from April 2013), and is now presented to the Audit Committee for approval.

_________________________________________________________________ Report Author Allison Mitchell – Chief Internal Auditor

(01670) 623884 / (0191) 643 5720 [email protected]


Information 1 At its meeting on 27 March 2013, the Audit Committee considered and

endorsed the approach to preparation of the Strategic Audit Plan for 2013/14. The Plan for 2013/14 has now been prepared in accordance with the methodology agreed by the Audit Committee, and is attached to this Report as Appendix 1.

2 The Strategic Audit Plan sets out Internal Audit’s objectives in the coming

year. It aims to ensure that Internal Audit is able to provide an independent and objective opinion to the organisation on the adequacy and effectiveness of the framework of governance, risk management, and control. The opportunity has been taken to align Internal Audit’s ‘planning year’ with the financial year, instead of the previous practice of the audit year running from June to May.

3 The Council’s Finance and Contract Rules recognise that Internal Audit

must be independent in its planning and operation, and that Internal Audit shall have an unrestricted range of coverage of the Council’s operations. The Audit Committee’s role is to consider the approach adopted in preparation of the Plan, and to approve this.

4 A key feature of preparation of the 2013/14 Plan has been engagement

with services throughout the Council. Internal Audit has met with the Audit Committee, Chief Executive, all Corporate Directors, Heads of Service, and the external auditor to develop a risk based audit needs assessment for the organisation. This has been used to prepare a Strategic Audit Plan which targets main areas of risk and adds greatest value to the organisation.

5 The Strategic Audit Plan for 2013/14 details those areas planned to be

subject to audit coverage during this period. The Plan also outlines: (a) the approach taken to risk assessment and audit planning; (b) the respective roles of management and of Internal Audit with regard

to internal control; (c) the relationship between Internal and External Audit, and the

approach which Internal Audit is planning to adopt in respect of key financial systems audit;

(d) quality standards with which Internal Audit will comply when delivering the Strategic Audit Plan;

(e) the resourcing of the Internal Audit team; and (f) key themes in the Strategic Audit Plan.

6 The Strategic Audit Plan 2013/14 sets out in detail planned coverage during the year. It will be kept under review, and progress reported to the Audit Committee. A full outturn on the 2013/14 Strategic Audit Plan will be reported to the Audit Committee at the end of the year. Regular quarterly monitoring and adjustment of the Plan is performed as a matter of course within the Internal Audit team, in accordance with relevant professional standards.


BACKGROUND PAPERS

(a) Public Sector Internal Audit Standards (PSIAS), Chartered Institute of Public Finance and Accountancy, December 2012

(b) Local Government Application Note for the UK Public Sector Internal Audit Standards, Chartered Institute of Public Finance & Accountancy / Institute of Internal Auditors, April 2013

(c) The Accounts and Audit (England) Regulations 2011, March 2011


IMPLICATIONS ARISING OUT OF THE REPORT

Policy:

Effective Internal Audit is an essential part of the County Council’s Corporate Governance arrangements. The Internal Audit service supports the Chief Finance Officer in discharging the requirements of section 151 Local Government Act 1972, which requires that local authorities ‘make arrangements for the proper administration of their financial affairs’. Internal Audit examines the Council’s systems of internal control, and the economy, efficiency and effectiveness with which resources are deployed. The Strategic Audit Plan sets out the planned areas in which this coverage will be focussed, based on an assessment of risk.

Finance and value for money

The audit of the Council’s activities, as set out in the Strategic Audit Plan, reduces the potential for financial loss through fraud, waste, and inefficiency.

Human Resources:

A robust Strategic Audit Plan provides clarity for officers within the Internal Audit service on the key outcomes which each audit assignment is intended to deliver. It is supported by an operational resourcing plan, ensuring that work can be properly planned and allocated.

Property None

Equalities (Impact Assessment attached) Yes o No o N/A þ

None An impact assessment is not applicable as the report does not require a key decision.

Risk Assessment The audit plan is prepared using a risk-based approach, thus ensuring that coverage is focussed on those areas of Council activity with high levels of risk to the achievement of key objectives.

Carbon Reduction None

Crime & Disorder The Strategic Audit Plan includes planned coverage on counter fraud assurance work.

Customer Considerations:

The Strategic Audit Plan has been based on a risk based audit needs assessment following consultation with customers of our Service


including the Audit Committee, Chief Executive, Corporate Directors, Heads of Service, and the external auditor.

Consultation Audit Committee Chief Executive Corporate Director of Finance (Section 151 Officer) All Corporate Directors Heads of Service External Auditor

Wards All

APPENDIX 1

Internal Audit Service Strategic Audit Plan 2013/14

June 2013

Strategic Audit Plan 2013/14 Page 2

CONTENTS 1

Introduction

2

Period Covered by the Strategic Audit Plan

3

Risk Assessment and Audit Planning

4

Internal Control: Roles of Management and of Internal Audit

5

Relationship with External Audit

6

Quality Standards

7

Resources

8

Key Themes in the Strategic Audit Plan 2013/14

9

Strategic Audit Plan 2013/14


1 Introduction 1.1 Internal auditing is an independent, objective assurance and consulting

activity designed to add value and improve an organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. .

1.2 The Internal Audit team has a key role in helping the Council towards

achievement of its objectives. Internal Audit is an independent resource, assisting management by exploring areas of potential efficiency, and matters of probity and internal control. We seek to use our business intelligence and knowledge of the Council to make sensible, informed recommendations for improvement, and thus contribute to the effective running of the organisation.

1.3 Internal Audit provides assurance to the organisation that controls established

to manage risks to the achievement of the Council’s objectives are operating effectively. This has a positive impact on the risk environment, informing management whether the action which they are taking to control and manage risks is working as it should.

1.4 From April 2013, a new set of Public Sector Internal Audit Standards (PSIAS)

and a specific Local Government Application Note on the Standards have come into force. These build on the good practice set out in previous professional regulations, including audit planning requirements, and have the force of law. The requirements of the PSIAS have therefore been followed in the preparation of this Plan, outlined further below. This has involved establishing a risk-based plan to determine the priorities of internal audit activity, consistent with the organisation’s goals; an a wide programme of engagement on the aspirations of key stakeholders, with regard to assurance activity for the Council.

1.5 The Strategic Audit Plan, the detail of which is included in section 9, helps to

ensure that Internal Audit is able to meet its objectives as an independent assurance function for the Council and to provide an independent and objective opinion to the organisation on the adequacy and effectiveness of the framework of governance, risk management, and control. Internal Audit must be independent in its planning and operation. Accordingly, in producing the Strategic Audit Plan, the Chief Internal Auditor is required to determine the priorities of Internal Audit, following consultation with stakeholders and assessment of risk, and to present this Plan to senior management and the ‘Board’ for review and approval.


2 Period Covered by the Strategic Audit Plan 2.1 The Strategic Audit Plan sets out in detail the assurance coverage which

Internal Audit will deliver within the coming year, 2013/14. Previously, the ‘audit year’ has run from June to May each year; however the opportunity has been taken to align the Plan with the financial year, meaning this will end in March 2014 when a new risk based Plan will be prepared. The Plan needs to be realistic and achievable, and sufficiently flexible to respond to changing priorities as they occur.

2.2 On an annual basis, the areas which may benefit from audit review, and the

risk associated with the Council’s operations (see 3 below), are reassessed. Every year, an updated Strategic Audit Plan (giving detail of audits to be undertaken) is presented to the Audit Committee for approval.

2.3 The key objectives for the audit reviews identified to take place during 2013/14 are also shown in Section 9 of this document. In addition, each audit profiled in the Strategic Audit Plan has been mapped to the Council’s ‘Stronger Together’ Corporate Strategy, to demonstrate how Internal Audit coverage in 2013/14 will support the achievement of organisational goals. This is discussed further in the report, at paragraph 8 (f) and section 9. As corporate priorities are refined in the coming years, the Plan will be remapped to these so that the links between such priorities and the assurance function are always clear.

3 Risk Assessment and Audit Planning 3.1 It is important that audit resources are targeted at areas in which audit

coverage will produce greatest benefit. An audit needs assessment, detailing potential auditable areas within the Council, has been compiled with reference to audit and business intelligence within the Council.

3.2 Consultation has been undertaken with the Chief Executive, the Corporate

Director of Finance (as Chief Finance Officer), Corporate Directors, Heads of Service, Audit Committee, and the External Auditor regarding the Strategic Audit Plan. The audit needs assessment for each service area has been discussed with representatives from each Group, and management views sought on any additional areas considered worthy of audit review.

3.3 In deciding the areas to be audited, auditable areas have been risk assessed

by Internal Audit to determine the priority for audit review. Risk Based Internal Auditing requires Internal Audit to understand and analyse management’s assessment of risk, and base audit efforts around this assessment of risk to the organisation. Internal Audit have examined the available risk information and considered how this might influence the use of available Internal Audit resource.

3.4 Those auditable areas identified as most risk-sensitive by this process have

been prioritised for audit in the plan. Risk will continue to be monitored and


assessed each year, and the results of this assessment used to inform future audit priorities. This ensures that the Audit Plan reflects the current risks facing the Council.

3.5 The Strategic Audit Plan has therefore been based on an assessment of the

Council’s objectives and business goals, risks facing the organisation and its achievement of these goals, known strengths and weaknesses in the internal control system, the requirements of the Council’s responsible financial officer (Chief Finance Officer) and the Accounts and Audit (England) Regulations 2011, and the views of the Council’s Chief Executive, Corporate Directors, Heads of Service, Audit Committee, and the Council’s appointed external auditor.

4 Internal Control: Roles of Management and of Internal Audit

4.1 It is a management responsibility to establish effective internal controls, in

order that activities are conducted in an efficient and well ordered manner. Internal control comprises the whole system of controls and systems, both financial and otherwise, established by management to:

• safeguard assets and prevent fraud;

• ensure the completeness and reliability of records;

• monitor adherence to laws, regulations, policies and directives;

• promote operational efficiency and good value for money; and

• manage risk. 4.2 Amongst its responsibilities, Internal Audit examines, evaluates and reports

on the adequacy of internal control as a contribution to the proper, economic, efficient and effective use of resources. Internal Audit assists management in delivering the objectives of the Council through assessing exposure to risk and recommending, where appropriate, practical improvements to the control environment. Internal Audit’s remit includes:

• assessing if operations are being carried out as planned, and if objectives / goals are being achieved;

• assessing the adequacy of systems established to ensure compliance with policies, plans, procedures, laws and regulations, i.e. rules established by the management of the organisation or externally;

• assessing the completeness, reliability and integrity of information, both financial and operational;

• assessing the extent to which the Council’s assets, data and interests are properly accounted for and safeguarded from losses of all kinds, including fraud, corruption, waste, extravagance, abuse, ineffective management and poor value for money; and

• assessing the economy, efficiency and effectiveness with which resources are deployed.


4.3 For each of the audits performed during 2013/14, a project brief will be produced and distributed prior to the audit starting so that the objectives of the audit and approach to be adopted are understood by both Internal Audit and the audit client. The project brief sets out the framework and key deliverables for the audit as well as clarifying the shared expectations between Internal Audit and the audit client. In addition, the document provides accountability for Internal Audit and is a useful monitoring mechanism.

5 Relationship with External Audit 5.1 Internal Audit is a management tool. As such, its remit is wide and it may be

called upon by management for support and assistance in a variety of situations. The duties of the external auditor are more prescriptively defined in their relevant Codes of Practice and legislation. In summary, the External Auditor’s principal objectives are to review and report on the audited body’s financial statements and arrangements for securing economy, efficiency and effectiveness in the use of resources. Internal Audit liaises with the Council’s external auditor, to co-ordinate work, reduce the possibility of duplication and to maximise the potential for the external auditor to rely on the work performed by the Internal Audit Service. This is particularly helpful in the audit of the Council’s key financial systems (see below).

5.2 Although the emphasis of Internal and external audit are different, both are

concerned with the financial well-being of the Council, the stewardship of public funds, and the systems of internal control in place. Internal Audit will continue to co-ordinate its work with the Council’s External Auditor for the benefit of the Council, where ever possible.

6 Quality Standards 6.1 Internal Audit’s work has for a number of years been governed by standards

set out in the Code of Practice for Internal Audit in Local Government in the UK (2006). From April 2013, these standards have been replaced by a new set of Public Sector Internal Audit Standards (PSIAS).

6.2 Under the Accounts and Audit (England) Regulations 2011, the Council must

“undertake an adequate and effective internal audit of its accounting records and of its system of internal control in accordance with proper practices in relation to internal control”. The Department for Communities and Local Government (DCLG) has determined that from 2013/14 the ‘proper practices in relation to internal control’ will comprise both the new PSIAS and also the specific Local Government Application Note, published by CIPFA in April 2013. CIPFA has been designated the relevant Internal Audit Standard Setter for local government bodies under the new PSIAS.

6.3 The PSIAS incorporate a Code of Ethics for internal auditors, and a number of

clear standards with which Internal Audit functions are required to comply.


These comprise attribute standards and performance standards in the following areas:

Attribute Standards

(a) Purpose, authority and responsibility (b) Independence and objectivity (c) Proficiency and due professional care (d) Quality assurance and improvement programme

Performance Standards

(e) Managing the internal audit activity (f) Nature of work (g) Engagement planning (h) Performing the engagement (i) Communicating results (j) Monitoring progress (k) Communicating the acceptance of risks

6.4 Much of the sound auditing practice in the previous Internal Audit Code of

Practice is reflected in the new PSIAS, as would be expected. During 2013, a full review of Internal Audit arrangements and comparison with the revised requirements will be undertaken to confirm that all aspects of the PSIAS are fully met, with this review being reported back to Audit Committee within the year.

7 Resources 7.1 The Chief Internal Auditor must ensure that internal audit resources are

appropriate, sufficient and effectively deployed to achieve the approved plan. Internal Audit’s establishment currently comprises the equivalent of 10.86 FTEs and the shared Chief Internal Auditor, with additional specialist anti-fraud consultant support. A separate detailed resource plan supports the Strategic Audit Plan, used to monitor Internal Audit productivity and performance. This information is in turn reported to the Audit Committee.

7.2 During 2012/13, to supplement and improve the assurance offer, Internal

Audit will be introducing a continuous auditing approach in respect of a number of key financial systems. This will help us to achieve the objectives set out in Section 9 of the Strategic Audit Plan more effectively.

8 Key Themes in the Strategic Audit Plan 2013/14 8.1 The detailed objectives to be delivered by each audit planned for 2013/14 are

set out in section 9. Key themes in this work include:


(a) Programme Assurance – as new projects and ways of working are

developed and introduced throughout the Council, it is efficient to utilise

Internal Audit to assure arrangements as the programme develops and

embeds. This helps to ensure that audit input is timely and helpful, and

that issues of control and governance can be addressed effectively by

project sponsors as they arise.

(b) Controls Assurance – the audit programme will be key in supporting controls assurance work, which is already underway to enhance good governance arrangements within the Council, and reflected in preparation of the Annual Governance Statement.

(c) Advice and Contingencies – the Plan recognises that from time to time, Internal Audit may be needed to help in responding to ad-hoc matters and unforeseen events. Resource has been set aside for such requests; if this allocation is not required, audits on an indicative plan prepared for 2014/15 (which will be confirmed with Corporate Directors and Heads of Service during the year) will be accelerated and brought forward into 2013/14.

(d) Corporate and Cross Cutting Audits and Group-based Audits – the

Plan includes a number of ‘corporate’ items, which are administered throughout the Council or which affect all Council services. In addition, the Plan retains several Group-based audits, where these have been identified as high priority.

(e) Key Financial Systems – In developing an opinion on the adequacy and

effectiveness of the framework of governance, risk management, and control, Internal Audit must examine the Council’s key financial systems of Payroll, Creditors, Debtors and Cash / Non Credit Income (ie those high volume / high value systems through which funds enter and leave the Council). In addition, for the same reasons, Council Tax, Business Rates and Housing Benefits will normally be included in the Plan. Our focus and coverage on these key systems will follow a risk based approach of greatest benefit to the Council.

(f) Corporate Strategy – the Strategic Audit Plan has been mapped to

themes and objectives in the ‘Stronger Together’ strategy, to demonstrate that assurance is not provided in isolation but instead contributes directly to the achievement of the organisation’s main goals. As the corporate strategy is updated, we will continue to monitor and manage how the Strategic Audit Plan can support emerging priorities.


9 Strategic Audit Plan 2013/14 Advice & Programme Assurance Function

Heading Auditable Area Description / Audit Objectives Link to Corporate Strategy

Programme Assurance

• New Systems / Methods of Service Delivery

Internal Audit will add value by providing assurance on aspects of the approach and work undertaken, and assessing the robustness of arrangements for benefits realisation. The systems, programmes and new initiatives to be supported will be developed during the year, and will include supporting the Council’s ‘Lean’ Programme arrangements as required.

Organisational Transformation – Our Systems – Our Efficiency

Advice, Contingencies & Assurance

• Advice & Guidance • Contingencies & Work Requests

• Fraud & Special Investigations

• Quality & Development

Responding to ad-hoc queries and requests for advice; responding to requests for one-off audit assignments, where it is considered that audit involvement is necessary; responding to allegations of fraud (see also proactive anti-fraud work in counter fraud section below); project assurance and assuring appropriate consideration has been given to internal control & governance issues when new systems are introduced.


Follow up and Implementation

• Follow up on Recommendations

Monitoring the implementation of Internal Audit recommendations, in consultation with the Service Areas which have received these recommendations.

Organisational Transformation – Our Efficiency

Annual Opinion

• Annual Opinion

An annual opinion on the ‘adequacy and effectiveness of the framework of governance, risk management and control’ will be drafted and presented to the Corporate Director of Finance (Section 151 Officer), Strategic Management Team and Audit Committee, outlining the audit work performed during the year and summarising key themes. This will be timed to support production of the Council’s Annual Governance Statement.



Value Added Function


Corporate & Cross Cutting

Value for Money

To develop, in conjunction with Corporate Directors and Head of Service, a review programme to assess how the achievement of value for money is planned, managed and monitored by Heads of Service within their fields of responsibility. This will include a review of value for money outcomes delivered within a sample of Council services, to be determined with the Corporate Director of Finance.


Invest to Save Programme

To review the Council’s internal “Invest to Save” programme, to assess whether this is achieving planned outcomes and operating as intended. This will include the critical examination of a sample of Invest to Save bids to evaluate whether these have proceeded in line with the business cases submitted, and if they have delivered intended outcomes.


Enterprise Resource Planning (ERP) System implementation

To support the Council in the implementation of the new ERP system. This will include: a) providing assurance regarding the wider employee related aspects of the project;

b) assessing the robustness of procedures established for the verification of data migration; and

c) providing programme assurance to the Strategic Management Team.

Organisational Transformation – Our People – Our Systems – Our Efficiency

Travel and Subsistence Allowances

To examine and evaluate the operation of the Council’s processes for the accurate and timely payment of Travel and Subsistence allowances.


Capital Programme Management – Post Project Review

To evaluate the arrangements in place to perform post project reviews of capital projects undertaken by or commissioned by the Council.



Value Added Function


Corporate & Cross Cutting

Single Status Agreement

To review the application of processes and procedures established within the Council aimed at ensuring the effective and consistent application of provisions contained within the single status agreement.


Pre Submission Review of Grant Claims

There are a number of funding organisations that require an Internal Audit review prior to final claim submission. Internal Audit will undertake the necessary assurance checks as these grant submissions become due.


Counter Fraud


Counter Fraud

Pro-active anti-fraud work

To undertake pro-active anti-fraud and corruption work (including participation in the Audit Commission’s National Fraud Initiative); and to raise the awareness of counter fraud and counter-corruption measures across the organisation. This work links closely with the audits of the Council’s main financial systems, detailed later in the plan (see pages 18-19).



Value Added Function – Group Audit and Assurance (Adult Services Group)


Adult Care

Continuing Health Care

To provide programme assurance to the Corporate Director of Adult Services through undertaking a post implementation review of a range of elements coming under the joint working arrangement between the Clinical Commissioning Group for the delivery of Continuing Health Care.

Support Residents, Families & Communities Organisational Transformation – Our Systems

Strategic Housing

Affordable Housing Delivery Programme

To provide programme assurance to the Corporate Director of Adult Services on the Affordable Housing Delivery Programme.


Front-line Housing Services

To determine a programme of assurance work, designed to provide the Head of Strategic Housing with assurance that agreed systems and procedures are being consistently applied, to support achievement of objectives set out within the Council’s housing strategy.

Support Residents, Families & Communities


Value Added Function – Group Audit and Assurance (Children’s Services Group)


Children’s Services Group

Safeguarding

To appraise the systems in operation and to assess whether these systems are operating effectively and are in accordance with guidance published by the Council so that payments are only made to correctly appointed employees who have been subject to adequate checks regarding (for example, CRB and the Single Central Record), providing assurance to the organisation on the safeguarding of our children.


Troubled Families

To work with Children’s Services management to critically appraise arrangements established for administration of the Council’s responsibilities in respect of the Troubled Families Grant, to assess whether systems are sufficiently robust to ensure that any grant entitlement is claimed and evidenced.


Schools / Educational Establishments

• To assess, on a thematic basis, the application of controls associated with the discharge of responsibilities relating to delegated school budgets, within a sample of the County’s schools on a risk assessed basis.

• To provide advice and support on issues of probity and internal control, on school and other educational establishment financial governance related issues, as requested by Children’s Services. This may include, for example,

Ø support in verifying aspects of financial arrangements in the case of any planned school closures;

Ø support in verifying aspects of financial arrangements in the case of any planned transfer of service provision; or

Ø support to schools within the Schools Intervention and Support Programme.



Value Added Function – Group Audit and Assurance (Children’s Services Group)


Early Years & Schools

Academies

To support the Council’s processes for maintaining effective internal control when implementing arrangements for schools transferring to Academy status.


Schools’ Financial Value Standard (SFVS)

The Department for Education (DfE) has introduced this replacement for the former Financial Management Standard in Schools, for which Internal Audit previously acted in an externally accredited assessment capacity on behalf of the Chief Finance Officer. Internal Audit will be required to support the new Standard, in particular to provide assurance to the Corporate Director of Finance (Section 151 Officer), to assist in the completion of mandatory returns to DfE.



School ‘Health Checks’

Continuing a discretionary service introduced in 2011/12, schools may opt to purchase independent assurance to assist in preparation of their SFVS return.


Family & Disability Services

Direct Payments (Children’s)

To ascertain whether the systems and procedures currently in operation for the implementation of Personalisation and the payment and review of Direct Payments are functioning satisfactorily. To ascertain whether they are in accordance with legislation and to provide an opinion to management on the effectiveness of the system of internal control in place.


Organisational Transformation – Our Systems

Adult Learning Service

Adult Learning Services

To provide an independent view upon service delivery modelling for the Adult Learning Service; this will include supporting the Head of Service in intelligence gathering into alternative ways of working.




Value Added Function – Group Audit and Assurance (Transformation Group)


Customer and Cultural Services

Leisure Management

A review of the monitoring of CSalt and TeesActive leisure management contracts to establish how best to ensure value for money and consistency in quality within contractual constraints to align with County Council expectations.

Promote Health and Well-being

Contact Centres

To review the overall systems and procedures in place for the management and operation of the newly integrated contact centre at Cramlington, assessing compliance with agreed policies and procedures and to make suggestions for improvement if applicable.


Medical Examiners

To support the Head of Customer and Cultural Services in the development of the new Medical Examiners’ Service for Northumberland, that is required to be in place under legislation (date for implementation to be confirmed), in providing advice and assurance in the project.


Integrated Facilities and Property Management Services

Property Repairs and Maintenance

To examine the operation of the K2 system within Integrated Facilities and Property Management, and to evaluate controls in place around the system and ultimately assess whether financial data is consistently captured, enabling a transparent and accurate spend profile.


Information Services

Diagnostic review

To work in collaboration with Information Services management to determine and document the Information and Communications Technology control environment, assess risks inherent in this environment, and to evaluate those areas of the arrangements in place which would most benefit from early audit review. Possible areas for inclusion are set out below.






Infrastructure Audits: i) Perimeter Security ii) Environmental Controls / Disaster Recovery / Business Continuity Management

To obtain assurance that the underlying Information Systems infrastructure effectively supports the Council’s business processes, to assess the underlying confidence in the confidentiality, integrity and availability of the Council’s data. Perimeter Security: To focus on the systems of control managed by IS to protect the Council’s computer infrastructure, applications and data from internal and external threats e.g. protection against the risks associated with virus / hacking attacks. In particular, to determine whether:

• The controls and procedures on firewalls are correctly configured to provide the optimum level of protection.

• Anti-Virus software is installed as appropriate, properly configured and updated to provide the maximum level of protection.

• The controls and procedures within IS support the effective operation of the network by minimising the risk of virus infection.

• The use of new technologies, including remote and wireless access, exposes the Council to risk.


Environmental Controls / Disaster Recovery To determine whether the controls and procedures in place to protect the Council’s computer assets are adequate and operating effectively. To further determine whether, in the event of a disaster or significant event causing major disruption to the Council’s data processing capabilities, disaster recovery / business continuity management plans are in place, which will minimise any disruption to the computer processing of business critical systems.


Compliance Audits – e.g. Data Protection / Freedom of Information

To determine whether the Council complies with data protection and freedom of information legislation relating to the processing and retention of personal data and that the controls and procedures in place to ensure compliance are adequate and operating effectively.






System Audits

To determine whether the systems and procedures in operation are functioning satisfactorily and are in accordance with legislation and council policy, on behalf of the lead business user identified for each system. In particular, to determine whether:

• The systems comply with good practice and all legal, statutory and regulatory body requirements and meet the business need;

• All transactions are completely and accurately recorded and traceable;

• Access to information and facilities is controlled and restricted to authorised users according to their needs;

• The potential for fraud and error are minimised;

• The systems are effectively administered and supported;

• All staff using the systems have been correctly trained to the level that will allow them to properly fulfil their duties;

• The systems are continually available during working hours;

• The systems provide complete and accurate management information; and

• Upgrades to the systems are properly resourced and managed to meet clearly stated and agreed business objectives.


Transformation

Learning Together

To review the implementation of Learning Together across the Council, including assessment of how well embedded it is and how well it is working in achieving its objectives.

Organisational Transformation – Our People

Pre-Employment Checks

To follow up recommendations made during the 2011/12 audit, to determine whether sufficient checks are undertaken for an individual prior to the commencement of employment in accordance with Council policy and legislation. In particular to determine whether: a) Criminal Records Bureau (CRB) disclosures have been completed where appropriate prior to the commencement of employment. b) The right to work in the United Kingdom has been correctly established and the correct documentation retained prior to the commencement of employment.

Organisational Transformation – Our People




Digital Company

Broadband / NorthNet

To review the transfer and future governance arrangements between the various parties and stakeholders to the project, including NCC, the new digital company, Arch and schools to assess whether arrangements are sufficiently robust to deliver the new county-wide broadband project alongside current in-house service provision.

Grow Northumberland’s Economy

Value Added Function – Group Audit and Assurance (Finance Group)


Financial Services

HR and Payroll

To evaluate the controls within the payroll system designed to prevent and / or detect fraud, irregularity or error, and to ensure that payments are made in accordance with Council policy, legislation and the requirements of HM Revenues and Customs. Particular emphasis will be placed upon areas of greater risk, such as:

• New starters, • Basic pay and variations to pay / additional payments, and • Leavers.

Employee Verification checks will also be performed, as agreed with the External Auditor.


Procure to Pay (Creditor Payments)

To determine whether there are adequate controls within the creditor systems to prevent and / or detect irregularity or error and that payments are made in accordance with Finance and Contract Rules and legislation. Particular emphasis will be placed on evaluating the controls over:

• Ordering, • Receipt of goods and services, and • Payments.



Value Added Function – Group Audit and Assurance (Finance Group)


Financial Services

Duplicate Payment Prevention

This audit involves the extracting of payment data from the Accounts Payable system and interrogation of that data to identify possible duplicate payments, to maximise the likelihood of the Council being able to recover the overpayments.


Cash and Bank

To determine whether there are adequate controls within income collection and reconciliation procedures to prevent and / or detect irregularity or error and that transactions are processed in accordance with Finance and Contract Rules.


Debtors

To determine whether there are adequate controls within the system to ensure that all credit income due is invoiced for in accordance with legislation and council policy, including the Corporate Debt Recovery Policy. Particular emphasis will be placed upon a review of departmental income collection procedures.


Council Tax

To determine whether the procedures in operation for administration of the council tax system are operating satisfactorily in accordance with legislation. Particular emphasis will be placed upon assessing compliance with the controls over billing, council tax banding amendments and recovery.


Housing and Council Tax Benefit Subsidy Claim

To undertake testing of the 2012/13 Housing and Council Tax Benefits Subsidy claim, as agreed with external audit, to enable external audit to certify the Council's Annual Housing and Council Tax Subsidy claim.


Localisation of Business Rates and Council Tax Support

To review the financial impact of the localisation of business rates and council tax support, and the effectiveness of procedures for the identification, management and monitoring of impacts.



Value Added Function – Group Audit and Assurance (Local Services Group)


Development Management

S106 Planning Agreements, Section 278 Agreements and Community Infrastructure Levy (CIL)

Further to the review of governance arrangements in this area during the previous year, and management action taken: a) to review and appraise system developments introduced by management to improve the administration of arrangements related to Section 106 agreements.

b) to review and evaluate arrangements in place for Section 278 agreements, to assess whether these bear suitable controls.


Highways and Neighbourhood Services

Winter Maintenance

To review and evaluate the effectiveness of controls in operation across the county to ensure the correct controls are being implemented consistently with respect to start to end systems starting with the commissioning of external providers and the initiation of activity by the Council’s in-house operatives through to budget monitoring.


Stores

To review and evaluate the effectiveness of controls in operation across stores held in various locations. This review will seek to assess whether appropriate and correct controls have been established; whether these controls are being implemented consistently; whether appropriate checks are in place to ensure materials are used for their intended purpose; and whether stores are properly administered as a result. To undertake assurance mapping, jointly with service management, and to help assess the value for money which may be possible from alternative ways of operating a stores function, as identified by management.

Support Residents, Families & Communities Organisational Transformation – Our Systems – Our Efficiency

Sign Shop

To undertake a full follow up to recommendations made during 2012/13 in respect of the 19 Sign Shop Project.


Burials & Cremations

To review the policies and procedures in relation to Burials and Cremations to ensure these are adequate and are being operated consistently and effectively throughout the County.



Value Added Function – Group Audit and Assurance (Local Services Group)


Highways and Neighbourhood Services

Plant Hire

To review and critically appraise the use of hired plant within a sample of the Council’s operations. Specifically, this audit will seek to establish whether value for money is being secured, and whether arrangements for hired plant bear suitable controls.


Waste & Fleet Management Services

Operator’s Licence Compliance

To undertake a full follow up to recommendations made during 2012/13 in respect of the review and evaluation of the Council’s arrangements for ensuring that its Operator’s Licence responsibilities are effectively discharged, and specifically to assess whether agreed fleet management procedures are being consistently applied by fleet users throughout the Council.


Fuel Management

To review the arrangements in place for the purchase, delivery, storage and usage of fuel to assess whether fuel stores are properly administered, robust systems to prevent misuse are in place and are being consistently applied and that the delivery and storage is compliant with relevant Health and Safety and environmental legislation.


Sustainable Transport

Concessionary Fares

To review and evaluate the effectiveness of procedures in place to assess whether the policy approved by elected members to support communities is properly implemented, that the correct reimbursements are made to bus companies and that they can be validated based upon the level of services used by fare permit holders.


Local Services Group

Charging Policies

To assess whether Council policies on charging for services are consistently applied across the Local Services Group with the correct rates being used and the collected monies securely held and properly accounted for.



Value Added Function – Group Audit and Assurance (Fire and Rescue Service)


Northumberland Fire and Rescue Service

Emergency Control Centre Project

• To perform a post project implementation review to provide assurance upon the financial probity of the scheme in preparation for the external project review.

• To contribute to the value for money examination of future staffing options for the Emergency Control Centre.

Promote Health & Well-being

audit committee strategic audit plan...

Documents